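trusted certificate entries are not password-protected Spring SAML
I generated the testIdp.cer file by copying the 509 entry of the IDP I am planning to connect to. Then I created the JKS file by executing the following command: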
keytool -importcert -alias adfssigning -keystore C:\Users\user\Desktop\samlKeystore.jks -file C:\Users\user\Desktop\testIdp.cer
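When it ran, it asked me to enter a password, and I gave the password. For the question "Trust this certificate? [no]:", I gave "y" as input. The message "Certificate was added to keystore" appeared.
Then I configured the following details in securityContext.xml: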
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <constructor-arg value="classpath:security/samlKeystore.jks"/>
    <constructor-arg type="java.lang.String" value="mypassword"/>
    <constructor-arg>
        <map>
            <entry key="adfssigning" value="mypassword"/>
        </map>
    </constructor-arg>
    <constructor-arg type="java.lang.String" value="adfssigning"/>
</bean>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
    <property name="alias" value="adfssigning" />
    <property name="signingKey" value="adfssigning"/>
</bean>
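But when I run the application, I get the following two exceptions: one when the server is starting and one when I load the home page of the application. Can anyone let me know if I am missing anything else?
This exception occurs when I start the server: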
Caused by: org.opensaml.saml2.metadata.provider.FilterException: Signature trust establishment failed for metadata entry
at org.opensaml.saml2.metadata.provider.SignatureValidationFilter.verifySignature(SignatureValidationFilter.java:327)
at org.opensaml.saml2.metadata.provider.SignatureValidationFilter.processEntityGroup(SignatureValidationFilter.java:240)
at org.opensaml.saml2.metadata.provider.SignatureValidationFilter.doFilter(SignatureValidationFilter.java:158)
at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.filterMetadata(AbstractMetadataProvider.java:493)
at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processNonExpiredMetadata(AbstractReloadingMetadataProvider.java:395)
This exception occurs when I load the home page of my application:
java.lang.UnsupportedOperationException: trusted certificate entries are not password-protected
at java.security.KeyStoreSpi.engineGetEntry(Unknown Source)
at java.security.KeyStore.getEntry(Unknown Source)
at org.opensaml.xml.security.credential.KeyStoreCredentialResolver.resolveFromSource(KeyStoreCredentialResolver.java:132)
Hi Kumar, how did you resolve your issue? I am also facing the same issue. Please go through this link: http://stackoverflow.com/questions/33369965/trusted-certificate-entries-are-not-password-protected-java Please guide me to a solution. – praneeth 2015-10-28 14:55:17
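
An added example, not part of the original post or of Spring SAML: a small Java check that lists what kind of entry each keystore alias holds and repeats the password-protected `getEntry` call seen in the second stack trace. It uses only the standard `java.security.KeyStore` API; the class name `KeystoreAliasCheck` is hypothetical, and the keystore path, store password and alias are command-line arguments (the key password is assumed to equal the store password).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Hypothetical helper class, written for this example.
public class KeystoreAliasCheck {

    /** Reports the kind of entry stored under an alias; needs no key password. */
    static String describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) return "missing";
        if (ks.isKeyEntry(alias)) return "key entry (private key + certificate chain)";
        if (ks.isCertificateEntry(alias)) return "trusted certificate entry (public certificate only)";
        return "other";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeystoreAliasCheck <keystore.jks> <storepass> <alias>");
            System.exit(2);
        }
        char[] pass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        // Show every alias so a certificate-only entry is easy to spot.
        for (String a : Collections.list(ks.aliases())) {
            System.out.println(a + ": " + describe(ks, a));
        }
        String alias = args[2];
        try {
            // Same call shape as in the stack trace: getEntry with a password.
            KeyStore.Entry e = ks.getEntry(alias, new KeyStore.PasswordProtection(pass));
            System.out.println(alias + " -> " + (e == null ? "no entry" : e.getClass().getSimpleName()));
        } catch (UnsupportedOperationException ex) {
            // The JDK throws this when a password is supplied for a certificate-only entry.
            System.out.println(alias + " cannot be read with a password: " + ex.getMessage());
            // Certificate entries are read with a null protection parameter instead.
            System.out.println("without password -> "
                    + ks.getEntry(alias, null).getClass().getSimpleName());
        }
    }
}
```

An alias created with `keytool -importcert` shows up as a trusted certificate entry, while an alias that can be used for signing shows up as a key entry.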